ruleset

package
v0.4.1 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Oct 28, 2024 License: MPL-2.0 Imports: 18 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type Action 

type Action int
const (
	// ActionMaybe indicates that the ruleset hasn't seen anything worth blocking based on
	// current information, but that may change if volatile fields change in the future.
	ActionMaybe Action = iota
	// ActionAllow indicates that the stream should be allowed regardless of future changes.
	ActionAllow
	// ActionBlock indicates that the stream should be blocked.
	ActionBlock
	// ActionDrop indicates that the current packet should be dropped,
	// but the stream should be allowed to continue.
	// Only valid for UDP streams. Equivalent to ActionBlock for TCP streams.
	ActionDrop
	// ActionModify indicates that the current packet should be modified,
	// and the stream should be allowed to continue.
	// Only valid for UDP streams. Equivalent to ActionMaybe for TCP streams.
	ActionModify
)

func (Action) String 

func (a Action) String() string

type BuiltinConfig added in v0.0.5 

type BuiltinConfig struct {
	Logger               Logger
	GeoMatcher           *geo.GeoMatcher
	ProtectedDialContext func(ctx context.Context, network, address string) (net.Conn, error)
}

type ExprRule 

type ExprRule struct {
	Name     string        `yaml:"name"`
	Action   string        `yaml:"action"`
	Log      bool          `yaml:"log"`
	Modifier ModifierEntry `yaml:"modifier"`
	Expr     string        `yaml:"expr"`
}

ExprRule is the external representation of an expression rule.

func ExprRulesFromYAML 

func ExprRulesFromYAML(file string) ([]ExprRule, error)

type Function added in v0.3.2 

type Function struct {
	InitFunc  func() error
	PatchFunc func(args *[]ast.Node) error
	Func      func(params ...any) (any, error)
	Types     []reflect.Type
}

type Logger added in v0.2.1 

type Logger interface {
	Log(info StreamInfo, name string)
	MatchError(info StreamInfo, name string, err error)
}

Logger is the logging interface for the ruleset.

type MatchResult 

type MatchResult struct {
	Action      Action
	ModInstance modifier.Instance
}

type ModifierEntry 

type ModifierEntry struct {
	Name string                 `yaml:"name"`
	Args map[string]interface{} `yaml:"args"`
}

type Protocol 

type Protocol int
const (
	ProtocolTCP Protocol = iota
	ProtocolUDP
)

func (Protocol) String 

func (p Protocol) String() string

type Ruleset 

type Ruleset interface {
	// Analyzers returns the list of analyzers to use for a stream.
	// It must be safe for concurrent use by multiple workers.
	Analyzers(StreamInfo) []analyzer.Analyzer
	// Match matches a stream against the ruleset and returns the result.
	// It must be safe for concurrent use by multiple workers.
	Match(StreamInfo) MatchResult
}

func CompileExprRules 

func CompileExprRules(rules []ExprRule, ans []analyzer.Analyzer, mods []modifier.Modifier, config *BuiltinConfig) (Ruleset, error)

CompileExprRules compiles a list of expression rules into a ruleset. It returns an error if any of the rules are invalid, or if any of the analyzers used by the rules are unknown (not provided in the analyzer list).

type StreamInfo 

type StreamInfo struct {
	ID               int64
	Protocol         Protocol
	SrcIP, DstIP     net.IP
	SrcPort, DstPort uint16
	Props            analyzer.CombinedPropMap
}

func (StreamInfo) DstString 

func (i StreamInfo) DstString() string

func (StreamInfo) SrcString 

func (i StreamInfo) SrcString() string

Source Files

View all Source files

Directories

Path Synopsis
geo
geo/v2geo

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.